PHP patch release-CVE-2019-11043

March 15, 2022

NAME

PHPPHP

  • Platforms Affected:
    PHP

  • Risk Level:
    high

  • CVE Type:
    RCE

DESCRIPTION

CVE-2019-11043 is a remote code execution (RCE) vulnerability impacting multiple versions of PHP. A Metasploit module was observed in open source and subsequently shared in the underground.

CVSS Information:

  • CVSS 2.0 SCORE: 7.5
  • CVSS 3.0 SCORE: 9.8

  • Exploit Disclosed in the Public:
    true

  • Exploit Weaponised:
    true

  • PoC Link:
    hXXps://packetstormsecurity[.]com/files/156642/PHP-FPM-7[.]x-Remote-Code-Execution[.]html

MITIGATION

Patching information was released for impacted products and corresponding versions. The vendor addressed the vulnerability in a patch release.

  • Reference Link:
    https://bugs.php.net/patch-display.php?bug_id=78599&patch=0001-Fix-bug-78599-env_path_info-underflow-can-lead-to-RC.patch&revision=latest

  • Patch Available:
    available

If you like the site, please consider joining the telegram channel and supporting us on Patreon using the button below.

Digital Patreon Wordmark FieryCoralv2

You may have missed

image

[HUNTERS] – Ransomware Victim: Kumla Kommun

November 14, 2024
image

[SARCOMA] – Ransomware Victim: ADT Freight Services Australia Pty Lt

November 14, 2024
image

[AKIRA] – Ransomware Victim: Berexco LLC

November 14, 2024
image

[AKIRA] – Ransomware Victim: Dumont Printing

November 14, 2024
image

[AKIRA] – Ransomware Victim: Intercomp

November 14, 2024